// For flags

CVE-2007-1222

 

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory.

Parallels Desktop para Mac anterior a 20070216 implementa Drag y Drop compartiendo el sistema de ficheros del host completamente como el compartido .hsf, lo caul permite a usuarios locales del sistemas operativo invitado escribir archivos de su elección a través del fichero de sistema host y ejecutar código de su elección a través de la creación con la escritura de un archivo plist en un directorio LaunchAgents.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-03-02 CVE Reserved
  • 2007-03-02 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Parallels
Search vendor "Parallels"
 Parallels Desktop
Search vendor "Parallels" for product "Parallels Desktop"
*-
Affected
in Apple
Search vendor "Apple"
 Mac Os X
Search vendor "Apple" for product "Mac Os X"
 10.4.9
Search vendor "Apple" for product "Mac Os X" and version "10.4.9"
-
Safe